On 8/9/21 1:54 PM, James Bottomley wrote:
> On Mon, 2021-08-09 at 12:37 -0400, Stefan Berger wrote:
>> This series imports code from the edk2-platforms project related to
>> changing the password of the TPM2 platform hierarchy and uses it to
>> disable the TPM2 platform hierarchy in Ovmf. It addresses the Ovmf
>> aspects of the following bugs:
>>
>> https://bugzilla.tianocore.org/show_bug.cgi?id=3510
>> https://bugzilla.tianocore.org/show_bug.cgi?id=3499
> This raises a couple of issues:
>
> 1. Since OVMF is for all x86 virtual platforms not just the PC ones,
> should it be following the PC client spec for everything? I notice
> you left out Xen and Bhyve ... should they never follow this?

I am not sure how to build Bhyve but one part of the patch is already
there for it in this series:

If this is how you build Bhyve I am getting a build failure already
before these patches here are applied.

build -p OvmfPkg/Bhyve/BhyveX64.dsc -b DEBUG -a X64 -t GCC5 -D TPM_ENABLE -D TPM_CONFIG_ENABLE -D SECURE_BOOT_ENABLE -D NETWORK_TLS_ENABLE 2>&1 | tee build.log

Build environment: Linux-5.12.14-300.fc34.x86_64-x86_64-with-glibc2.33
Build start time: 14:21:41, Aug.09 2021
WORKSPACE = /home/stefanb/dev/edk2
EDK_TOOLS_PATH = /home/stefanb/dev/edk2/BaseTools
CONF_PATH = /home/stefanb/dev/edk2/Conf
PYTHON_COMMAND = /usr/bin/python3.9
Processing meta-data .
Architecture(s) = X64
Build target = DEBUG
Toolchain = GCC5
Active Platform = /home/stefanb/dev/edk2/OvmfPkg/Bhyve/BhyveX64.dsc
build.py...
/home/stefanb/dev/edk2/OvmfPkg/Bhyve/BhyveX64.dsc(198): error 000E:
File/directory not found in workspace
/home/stefanb/dev/edk2/OvmfPkg/Bhyve/Library/PlatformSecureLib/PlatformSecureLib.inf

> 2. Since OVMF is effectively both the platform and the firmware, what
> attitude should we take to code in edk2-platforms? There are
> arguments for pulling all the necessary components into OVMF, but it
> could also be argued that the VMM should take care of all the edk2-
> platforms pieces and OVMF should be strictly firmware.

That's what I had been wondering about in V1 as well. This import here
now followed the option 2 in that discussion and I cut out basically
only the function that disables the platform hierarchy rather than
setting a random password, which I kept since it didn't seem to require
further dependencies to be imported from edk2-platforms.

>
> Getting 2. sorted out is probably the more pressing policy issue for
> us.
>
> James
>
>
View/Reply Online (#78984): https://edk2.groups.io/g/devel/message/78984